43 |
43 |
44 The corresponding values can be either: |
44 The corresponding values can be either: |
45 |
45 |
46 - a comma-separated list containing users and groups, or |
46 - a comma-separated list containing users and groups, or |
47 - an asterisk, to match anyone; |
47 - an asterisk, to match anyone; |
|
48 |
|
49 You can add the "!" prefix to a user or group name to invert the sense |
|
50 of the match. |
48 |
51 |
49 Path-based Access Control |
52 Path-based Access Control |
50 ......................... |
53 ......................... |
51 |
54 |
52 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based |
55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based |
143 # will have write access to any file under the "resources" folder |
146 # will have write access to any file under the "resources" folder |
144 # (except for 1 file. See acl.deny): |
147 # (except for 1 file. See acl.deny): |
145 src/main/resources/** = * |
148 src/main/resources/** = * |
146 |
149 |
147 .hgtags = release_engineer |
150 .hgtags = release_engineer |
|
151 |
|
152 Examples using the "!" prefix |
|
153 ............................. |
|
154 |
|
155 Suppose there's a branch that only a given user (or group) should be able to |
|
156 push to, and you don't want to restrict access to any other branch that may |
|
157 be created. |
|
158 |
|
159 The "!" prefix allows you to prevent anyone except a given user or group to |
|
160 push changesets in a given branch or path. |
|
161 |
|
162 In the examples below, we will: |
|
163 1) Deny access to branch "ring" to anyone but user "gollum" |
|
164 2) Deny access to branch "lake" to anyone but members of the group "hobbit" |
|
165 3) Deny access to a file to anyone but user "gollum" |
|
166 |
|
167 :: |
|
168 |
|
169 [acl.allow.branches] |
|
170 # Empty |
|
171 |
|
172 [acl.deny.branches] |
|
173 |
|
174 # 1) only 'gollum' can commit to branch 'ring'; |
|
175 # 'gollum' and anyone else can still commit to any other branch. |
|
176 ring = !gollum |
|
177 |
|
178 # 2) only members of the group 'hobbit' can commit to branch 'lake'; |
|
179 # 'hobbit' members and anyone else can still commit to any other branch. |
|
180 lake = !@hobbit |
|
181 |
|
182 # You can also deny access based on file paths: |
|
183 |
|
184 [acl.allow] |
|
185 # Empty |
|
186 |
|
187 [acl.deny] |
|
188 # 3) only 'gollum' can change the file below; |
|
189 # 'gollum' and anyone else can still change any other file. |
|
190 /misty/mountains/cave/ring = !gollum |
148 |
191 |
149 ''' |
192 ''' |
150 |
193 |
151 from mercurial.i18n import _ |
194 from mercurial.i18n import _ |
152 from mercurial import util, match |
195 from mercurial import util, match |